<?php
	define("NFO2_ACCOUNTS", NFO2_DB_PREFIX."accounts");	
	
	#THIS IS SIMPLE AUTHENTIFICATION CLASS
	#FEEL FREE TO OVERRIDE IT AS YOU WISH
	
	class auth extends service {
		
		public function __construct($service_name = null ){
			parent::__construct($service_name);
			
			context::get_service("session");
			
			if (context::get("request")->get_param("logout","int")){
				unset($_SESSION["auth"]);
			}
		}
		
		public function authentificate(){
			$cfg = context::get("config");
			if (! $cfg["policy"]["auth"]){
				return true;
			}
			
			switch($cfg["policy"]["auth_method"]){
				case "basic":
					$__poi = new BasicAuth();
				break;
				
				case "db":
					$__poi = new DBAuth();
				break;
				
				default:
					$__poi = new DBAuth();
				break;
			}
				
			if ($__poi->auth()){
				return true;
			}
		}
		
		public function logout(){
			$__poi = new BasicAuth();
			$__poi->auth_revoke();
		}

	}

	//__________________________________________________________________
	
	class BasicAuth {
		
		public function __construct(){
			$this->login = 	context::get("io")->get("login");
			$this->pass = 	context::get("io")->get("pass");
		}
		
		public function auth(){
			
			$auth = context::get("session")->get("auth");

			if ($auth){
				if (context::get("session")->validate()){
					return true;
				}else{
					return false;
				}
			}

			if ($this->login && $this->pass){
				
				$config = context::get("config");
				
				if (
					($this->login == $config["policy"]["auth_login"])&&
					($this->pass  == $config["policy"]["auth_passwd"])
				){
					$this->auth_commit(array("account_id"=>"0"));
					
					return true;
				}
			}

		}

		public function auth_commit($acc){
			$_SESSION["auth"] = true;
			
			$_SESSION["account"]["user_id"] = $acc["account_id"];
			
			
			$_SESSION["security"]["client"]["ip"] = $_SERVER["REMOTE_ADDR"];
		}
		
		public function auth_revoke(){
			unset($_SESSION);
			session_destroy();
		}
	}
	
	//__________________________________________________________________
	
	class DBAuth extends BasicAuth {
	
		
		public function auth(){
			
			$auth = context::get("session")->get("auth");

			if ($auth){
				if (context::get("session")->validate()){
					return true;
				}else{
					return false;
				}
			}

			if ($this->login && $this->pass){

				#$query = "SELECT `passwd` FROM accounts WHERE `status` = 1 AND `login` = ".
				#context::get("db")->quote($this->login);

				#$pass = context::get("db")->fetch_one($query);

				$sth = context::get("db")->prepare("SELECT `passwd`, `account_id`, `login` FROM ".NFO2_ACCOUNTS." WHERE `status` = 1 AND `login` = ? ");
				if(!$sth){
					context::get("io")->debug("Failed to perform authorisation query on table '".NFO2_ACCOUNTS."'" );
					return false;
				}
				$sth->execute(array($this->login));
					
				if (!$acc = $sth->fetch()){
					return false;
				}

				$chiper = context::get("security")->db_salted_hash($this->pass);

				if ($acc["passwd"] == $chiper){
					$this->auth_commit($acc);
					
					return true;
				}
				
				return false;
			}
		}

	}
	
	
	
?>
